Taiwanese computer maker Acer has been hit by a REvil ransomware attack in which the threat actors are demanding the largest known ransom to date, $50,000,000.
Acer is the world's sixth-largest PC vendor by unit sales as of January 2021 and is well known for its laptops, desktops, and monitors.
A Computer Weekly report calls REvil "one of the most active and dangerous ransomware threats in the wild." REvil, also known as Sodinokibi, was first discovered in 2019 by Cisco Talos.
McAfee's Advanced Threat Research (ATR) team shared insights into the methods used by REvil affiliates, including distributing the ransomware through spear-phishing and weaponized documents.
These documents, batch files that download payloads from Pastebin into processes on the target OS, compromise Remote Desktop Protocol (RDP) and use script files and password-cracking tools to spread the ransomware across the target network.
REvil typically demands ransoms between 0.44 and 0.45 bitcoin, which is roughly $4,000.
The ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof.
The leaked images show documents that include financial spreadsheets, bank balances, and bank communications.
In response to BleepingComputer's inquiries, Acer responded as follows:
"Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries."
"We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cybersecurity disciplines and best practices and be vigilant to any network activity abnormalities." – Acer.
Acer also said, "there is an ongoing investigation and for the sake of security, we are unable to comment on details."
Acer Ransom Demand
Valery Marchive of LegMagIT discovered the REvil ransomware sample used in the Acer attack that demanded a whopping $50 million ransom.
BleepingComputer subsequently found the sample and can confirm, based on the ransom note and the victim's conversation with the attackers, that the sample is from the cyberattack on Acer.
In conversations between the victim and REvil, which began on March 14th, the Acer representative showed shock at the massive $50 million demand. Later in the chat, the REvil representative shared a link to the Acer data leak page, which was secret at the time.
The attackers also offered a 20% discount if payment was made by this past Wednesday. In return, the ransomware gang would provide a decryptor, a vulnerability report, and the deletion of stolen files.
At one point, the REvil operation offered a cryptic warning to Acer "not to repeat the fate of the SolarWind."
REvil's $50 million demand is the largest known ransom to date, the previous being the $30 million ransom from the Dairy Farm cyberattack, also by REvil.
Possible Microsoft Exchange exploitation
"Advanced Intel's Andariel cyberintelligence system detected that one particular REvil affiliate pursued Microsoft Exchange weaponization," says Vitali Kremez.
If REvil did exploit the recent Microsoft Exchange vulnerabilities to steal data or encrypt devices, it would be the first time one of the big-game-hunting ransomware operations used this attack vector.